Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed

Severity: Medium
Summary#

Invicti detected that the web application is configured with the Spring Boot Shutdown Actuator enabled. This Actuator endpoint allows authenticated users to shut down the application.

Impact#

An authenticated user can use the Spring Boot Shutdown Actuator to shut down the application.

Actions To Take#

It's recommended to disable the Spring Boot Shutdown Actuator unless there is a good reason to have this feature enabled.  This can be done using the following configuration:

endpoints.shutdown.enabled=false
Classifications#
, , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Invicti

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo